[Bridge] Linux Bridge + NAT + firewall

Stephen Hemminger shemminger at linux-foundation.org
Mon Apr 30 12:53:30 PDT 2007

On Mon, 30 Apr 2007 06:23:03 -0700 (PDT)
Sebastian Tabarce <blue_moon_ro at yahoo.com> wrote:

> Hello everybody!
> I'm trying to set up at home a Linux router for me and my 3 friends. Basically I had some spare network cards around and that is why I have not bought a switch or a router. Also all of us are rarely at home at the same time, so bandwidth will not be a problem. And I thought it would be fun to try to make this work in Linux. However, I've hit a dead end.
> This is my problem:
> - I have a spare computer running CentOS 5 (RHEL 5 clone) with 5 network cards
> - we have an internet connection via a cable modem. The cable modem is linked at eth4 to the above computer that will be setup as router.
> - all the computers in the house are linked to the same above computer to eth0...eth3.
> I did the following:
> - I'm using dhclient to obtain an IP for eth4 via DHCP. The internet connection works on this computer, I am able to navigate, etc. I had to spoof the MAC address of eth4 since the MAC of one of the other computers was registered at our ISP. (Yes, I could have exchanged the network cards, if it hadn't been a laptop....)
> - I used bridge-utils to configure a bridge composed of eth0...eth3
> my rc.local:
> #create bridge
> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> ....
> brctl addif br0 eth3
> ifconfig eth0
> ...
> ifconfig eth3
> ifconfig br0 netmask up
> #spoof MAC and get DHCP IP address on eth4
> ifconfig eth4 down
> ifconfig eth4 hw ether xx:xx:xx:xx:xx:xx
> ifconfig eth4 up
> dhclient eth4
> #iptables 
> iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE
> iptables -A INPUT -i eth4 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT  
> - the other computers also have IPs in the 192.168.0.xxx range with set as gateway and DNS and are running Windows and Linux.
> My question is how do I masquerade all 4 computers linked to br0 and make them connect to the internet using my cable modem connection on eth4?
> I tried using iptables but could not obtain a result so far. IP forwarding is enabled in /etc/sysctl.conf.
> I'm thinking of refining afterwards the rules to have a true firewall, but first I need a working NAT.....

You need to set up NAT
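A complete bridge, NAT and stateful-forwarding setup for the layout described in the thread, as an added example (not code from either poster). It assumes br0 takes 192.168.0.1/24, eth4 is the DHCP uplink, and rules match on br0 rather than on the member ports, since netfilter sees bridged traffic arriving on br0, not on eth0.

```shell
#!/bin/sh
# Router: eth0..eth3 bridged as br0 (LAN), eth4 is the cable-modem uplink.
# Addresses below are assumptions, not values from the thread.
# Set DRY_RUN=1 to print the commands instead of running them (root needed otherwise).
LAN_IFS="eth0 eth1 eth2 eth3"
BR=br0
BR_ADDR=192.168.0.1
BR_MASK=255.255.255.0
LAN_NET=192.168.0.0/24
WAN=eth4

run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

setup_bridge() {
  run brctl addbr "$BR"
  run brctl stp "$BR" off
  for i in $LAN_IFS; do
    run ifconfig "$i" 0.0.0.0 up        # members carry no address of their own
    run brctl addif "$BR" "$i"
  done
  run ifconfig "$BR" "$BR_ADDR" netmask "$BR_MASK" up
}

setup_firewall() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -F
  run iptables -t nat -F
  run iptables -P INPUT DROP
  run iptables -P FORWARD DROP
  run iptables -P OUTPUT ACCEPT
  # Traffic to the router itself: loopback, the LAN, and replies to its own connections.
  run iptables -A INPUT -i lo -j ACCEPT
  run iptables -A INPUT -i "$BR" -s "$LAN_NET" -j ACCEPT
  run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # LAN<->WAN traffic traverses FORWARD, never INPUT, and arrives on br0.
  run iptables -A FORWARD -i "$BR" -o "$WAN" -s "$LAN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$WAN" -o "$BR" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Masquerade behind whatever address dhclient obtained on eth4.
  run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Run with APPLY=1 to actually configure the host.
if [ -n "${APPLY:-}" ]; then
  setup_bridge
  setup_firewall
fi
```

Use `DRY_RUN=1 APPLY=1 sh router.sh` to review the generated command sequence before applying it.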
